Claims 



1. A computer program product for determining if any of a plurality of groups may have an 
improper actual level of privilege, said computer program product comprising: 

a computer readable medium; 

first program instructions to compare members within each of said groups to a list of 
trusted individuals; 

second program instructions to determine if any groups with an actual privilege level 
higher than user level privilege have a member not on the list of trusted individuals, and if so, 
generate a report identifying said at least one member not on the list of trusted individuals and 
the group in which said at least one member is a member; and 

third program instructions to determine if any group with an actual privilege level higher 
than user level privilege has a group name on a list of group names generally used for a group 
with user level privilege, and if so, generate a report that said group with the higher actual 
privilege level has a group name generally used for a group with user level privilege, such that 
the members of said groups with the higher actual privilege having a group name generally used 
for a group with user level privilege are revealed as trusted or not trusted; and wherein 

said first, second and third program instructions are recorded on said medium. 

2. A computer program product as set forth in claim 1 wherein there are a plurality of 
applications or application instances, and a same group can be assigned different privilege levels 
for involvement with different applications or application instances; and said third program 
instructions makes its determination separately for each application or application instance. 

3. A computer program product as set forth in claim 1 further comprising: 

fourth program instructions to determine if any groups with an actual privilege level 
higher than user level privilege have a group name not on a list of group names generally used 
for a group with the higher level privilege, and if so, generate a report that said group with the 
higher actual privilege level has a group name not on a list of group names generally used for a 
group with the higher level privilege, such that the members of said groups with the higher actual 
privilege having a group name not generally used for a group with the higher level privilege are 
revealed as trusted or not trusted; and wherein 

said fourth program instructions are recorded on said medium. 

4. A computer program product as set forth in claim 1 wherein said second program 
instructions determine if any group with an actual privilege level higher than user level privilege 
have all of its members on the list of trusted individuals, and if so, generate a report that said 
group with the higher actual privilege level has all its members on the list of trusted individuals. 

5. A computer program product as set forth in claim 1 further comprising fourth program 
instructions to determine if all the members of said groups with the higher actual privilege 
having a group name generally used for a group with user level privilege are on the list of trusted 
individuals; and wherein said fourth program instructions are recorded on said medium. 

6. A computer system for determining if any of a plurality of groups may have an improper 
actual level of privilege, said computer system comprising: 

means for comparing members within each of said groups to a list of trusted individuals; 

means for determining if any groups with an actual privilege level higher than user level 
privilege have a member not on the list of trusted individuals, and if so, generate a report 
identifying said at least one member not on the list of trusted individuals and the group in which 
said at least one member is a member; and 

means for determining if any group with an actual privilege level higher than user level 
privilege has a group name on a list of group names generally used for a group with user level 
privilege, and if so, generate a report that said group with the higher actual privilege level has a 
group name generally used for a group with user level privilege, such that the members of said 
groups with the higher actual privilege having a group name generally used for a group with user 
level privilege are revealed as trusted or not trusted. 

7. A computer system as set forth in claim 6 wherein there are a plurality of applications or 
application instances, and a same group can be assigned different privilege levels for 
involvement with different applications or application instances; and said means for determining 
if any group with an actual privilege level higher than user level privilege has a group name 
generally used for a group with user level privilege makes its determination separately for each 
application or application instance. 

8. A computer system as set forth in claim 6 further comprising: 

means for determining if any groups with an actual privilege level higher than user level 
privilege have a group name not on a list of group names generally used for a group with the 
higher level privilege, and if so, generate a report that said group with the higher actual privilege 
level has a group name not generally used for a group with the higher level privilege, such that 
the members of said groups with the higher actual privilege having a group name not generally 
used for a group with the higher level privilege are revealed as trusted or not trusted. 

9. A computer system as set forth in claim 6 wherein said means for determining if any 
groups with an actual privilege level higher than user level privilege have a member not on the 
list of trusted individuals determines if any group with an actual privilege level higher than user 
level privilege have all of its members on the list of trusted individuals, and if so, generates a 
report that said group with the higher actual privilege level has all its members on the list of 
trusted individuals. 

10. A computer system as set forth in claim 6 further comprising means for determining if all 
the members of said groups with the higher actual privilege having a group name generally used 
for a group with user level privilege are on the list of trusted individuals. 

11. A computer program product for determining if any of a plurality of groups may have an 
improper actual level of privilege, said computer program product comprising: 

a computer readable medium; 

first program instructions to compare members within each of said groups to a list of 
trusted individuals; 

second program instructions to determine if any groups with an actual privilege level 
higher than user level privilege have a member not on the list of trusted individuals, and if so, 
generate a report identifying said at least one member not on the list of trusted individuals and 
the group in which said at least one member is a member; and 

third program instructions to determine if any groups with an actual privilege level higher 
than user level privilege have a group name not on a list of group names generally used for a 
group with the higher level privilege, and if so, generate a report that said group with the higher 
actual privilege level has a group name not generally used for a group with the higher level 
privilege, such that the members of said groups with the higher actual privilege having a group 
name not generally used for a group with the higher level privilege are revealed as trusted or not 
trusted; and wherein 

said first, second and third program instructions are recorded on said medium. 

12. A computer program product as set forth in claim 11 wherein there are a plurality of 
applications or application instances, and a same group can be assigned different privilege levels 
for involvement with different applications or application instances; and said third program 
instructions makes its determination separately for each application or application instance. 

13. A computer program product as set forth in claim 11 wherein said second program 
instructions determine if any group with an actual privilege level higher than user level privilege 
have all of its members on the list of trusted individuals, and if so, generate a report that said 
group with the higher privilege level has all its members on the list of trusted individuals. 

14. A computer program product as set forth in claim 11 further comprising fourth program 
instructions to determine if all the members of said group with the higher actual privilege having 
a group name not generally used for a group with higher level privilege are on the list of trusted 
individuals; and wherein 

said fourth program instructions are recorded on said medium. 

15. A computer program product for managing privileges of groups, said computer program 
product comprising: 

a computer readable medium; 

first program instructions to compare members within each of said groups to a list of 
trusted individuals; 

second program instructions to determine if any groups with an actual privilege level 
higher than user level privilege have a member not on the list of trusted individuals, and if so, 
remove said member not on the list of trusted individuals from said group; and wherein 

said first and second program instructions are recorded on said medium. 

16. A computer program product for managing privileges of groups, said computer program 
product comprising: 

a computer readable medium; 

first program instructions to determine if any group with an actual privilege level higher 
than user level privilege has a group name on a list of group names generally used for a group 
with user level privilege or no privilege; and 

second program instructions, responsive to a determination of a group with an actual 
privilege level higher than user level privilege with a group name generally used for a group with 
user level privilege or no privilege, to compare members of such group to a list of trusted 
individuals, and if any member(s) of such group do not appear on said list of trusted individuals, 
remove said member(s) from such group that do not appear on the said list of trusted individuals; 
and wherein 

said first and second program instructions are recorded on said medium. 

17. A computer program product for managing privileges of groups, said computer program 
product comprising: 

a computer readable medium; 

first program instructions to determine if any group with an actual privilege level higher 
than user level privilege has a group name not on a list of group names generally used for a group 
with privilege level higher than user level privilege; and 

second program instructions, responsive to a determination of a group with an actual 
privilege level higher than user level privilege with a group name not generally used for a group 
with privilege level higher than user level privilege, to compare members of such group to a list 
of trusted individuals, and if any member(s) of such group do not appear on said list of trusted 
individuals, lower the actual privilege level of said group; and wherein 

said first and second program instructions are recorded on said medium. 
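
The checks recited in claims 1 to 17, sketched as an added Python example that is not part of the patent text. The privilege levels, group names, member ids and the precedence between removing members and lowering a group's level are assumptions made for illustration.

```python
# Added illustration of the claimed checks; all names and data are constructed.
USER, ADMIN = 1, 3  # assumed numeric privilege levels (higher = more privilege)

def audit(grants, members, trusted, user_names, priv_names):
    """grants: {application: {group: level}}; members: {group: set of ids}."""
    report = []
    for app in sorted(grants):  # one pass per application (claims 2, 7, 12)
        for group, level in sorted(grants[app].items()):
            if level <= USER:
                continue  # only groups above user level are examined
            untrusted = sorted(members.get(group, set()) - trusted)
            for who in untrusted:  # claims 1, 6, 11
                report.append((app, group, "UNTRUSTED_MEMBER", who))
            if not untrusted:  # claims 4, 9, 13
                report.append((app, group, "ALL_MEMBERS_TRUSTED", ""))
            if group in user_names:  # claims 1, 6
                report.append((app, group, "USER_LEVEL_NAME", ""))
            if group not in priv_names:  # claims 3, 8, 11
                report.append((app, group, "NAME_NOT_PRIVILEGED_STYLE", ""))
    return report

def plan_actions(report):
    """Plan (not apply) the remediation of claims 15-17 from audit findings."""
    kinds = {}
    for app, group, kind, _ in report:
        kinds.setdefault((app, group), set()).add(kind)
    actions = set()
    for app, group, kind, who in report:
        if kind != "UNTRUSTED_MEMBER":
            continue
        seen = kinds[(app, group)]
        # Assumed precedence: a user-style name means remove members (claim 16);
        # any other unexpected name means lower the group's level (claim 17).
        if "NAME_NOT_PRIVILEGED_STYLE" in seen and "USER_LEVEL_NAME" not in seen:
            actions.add(("LOWER_PRIVILEGE", app, group, ""))
        else:  # claims 15 and 16
            actions.add(("REMOVE_MEMBER", app, group, who))
    return sorted(actions)

# Constructed sample: "staff" is user level in wiki but admin level in payroll.
GRANTS = {"payroll": {"admins": ADMIN, "staff": ADMIN, "ops-temp": ADMIN},
          "wiki": {"admins": ADMIN, "staff": USER}}
MEMBERS = {"admins": {"alice", "bob"}, "staff": {"alice", "carol"},
           "ops-temp": {"dave"}}
TRUSTED = {"alice", "bob"}
USER_NAMES = {"staff", "users", "everyone"}
PRIV_NAMES = {"admins", "root", "wheel"}
REPORT = audit(GRANTS, MEMBERS, TRUSTED, USER_NAMES, PRIV_NAMES)
```

The group "staff" is reported only for the payroll application, where it holds a level above user level; the same group in wiki is skipped.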